johnjohnsp1 Posted April 14, 2017

Hello, with the firmware upgraded from 1.0 to the latest 1.1, I have some problems running payloads that need to "GET TARGET_IP". I have downloaded the latest payloads folder tree with git --> https://github.com/hak5/bashbunny-payloads/

This is the content of the get.sh file inside the folder /payloads/library/extensions:

```bash
#!/bin/bash

function GET() {
    case $1 in
        "TARGET_IP")
            export TARGET_IP=$(cat /var/lib/dhcp/dhcpd.leases | grep ^lease | awk '{ print $2 }' | sort | uniq)
            ;;
        "TARGET_HOSTNAME")
            export TARGET_HOSTNAME=$(cat /var/lib/dhcp/dhcpd.leases | grep hostname | awk '{print $2 }' | sort | uniq | tail -n1 | sed "s/^[ \t]*//" | sed 's/\"//g' | sed 's/;//')
            ;;
        "HOST_IP")
            export HOST_IP=$(cat /etc/network/interfaces.d/usb0 | grep address | awk {'print $2'})
            ;;
        "SWITCH_POSITION")
            [[ "$(cat /sys/class/gpio_sw/PA8/data)" == "0" ]] && export SWITCH_POSITION="switch1" && return
            [[ "$(cat /sys/class/gpio_sw/PL4/data)" == "0" ]] && export SWITCH_POSITION="switch2" && return
            [[ "$(cat /sys/class/gpio_sw/PL3/data)" == "0" ]] && export SWITCH_POSITION="switch3" && return
            export SWITCH_POSITION="invalid"
            ;;
    esac
}

export -f GET
```

Opened with Notepad++, I have also done the step: --> Edit --> EOL --> convert to UX format. I removed the BB, switch1, then plugged in; I still see the purple LED and right after keep getting the red LED continuously. Inside the loot folder the result is noname. May the GET TARGET_IP not be working as intended, or as the previous bunny_helpers.sh? Both responder and impacket are installed. I really have no idea why it fails... Any help? Or anyone that gets the same issue on new firmware 1.1? Thanks

mrpmcfc Posted April 14, 2017

I have exactly the same issue, no joy with it whatsoever :(

Altecheon Posted April 14, 2017

Can you guys successfully connect to the BB through ssh with the IP 172.16.64.1? If so, see if you can ping the IP given to the machine; usually mine is 172.16.64.10. It should show via ifconfig or ipconfig in the respective operating systems if the system is receiving an IP. An example payload of these in action is as follows.

```bash
# System default payload
LED R SLOW
ATTACKMODE RNDIS_ETHERNET
GET TARGET_HOSTNAME
GET TARGET_IP
cd /
if [ ! -d "temp" ]; then
    mkdir temp
fi
echo $TARGET_IP $TARGET_HOSTNAME > /temp/TestOutput
```

This should create a file at /temp/ named TestOutput. To access it, log into the bunny and look for it:

```bash
cat /temp/TestOutput
```

I don't have my bunny at the moment to test the code, but you should be able to see what the payloads see. If you cannot access the bunny, make sure that your computer can correctly see the bunny (ex drivers found).

mrpmcfc Posted April 14, 2017

Will try in the morning and get back, cheers

johnjohnsp1 Posted April 15, 2017

> 7 hours ago, Altecheon said:
> Can you guys successfully connect to the BB through ssh with the IP 172.16.64.1? If so, see if you can ping the IP given to the machine; usually mine is 172.16.64.10. It should show via ifconfig or ipconfig in the respective operating systems if the system is receiving an IP. An example payload of these in action is as follows.
> This should create a file at /temp/ named TestOutput. To access it, log into the bunny and look for it.
> I don't have my bunny at the moment to test the code, but you should be able to see what the payloads see. If you cannot access the bunny, make sure that your computer can correctly see the bunny (ex drivers found).

Thanks for the answer, I was able to run the code you posted:

- confirmed the LED R SLOW is OK, and here is the content of the TestOutput:

```
172.16.64.10 WS-ATIHD6870
```

So I think everything completed fine without any errors. I still don't understand why Quickcreds hangs on LED R SLOW and fails... thanks anyway

johnjohnsp1 Posted April 15, 2017

OK, I found out what the problem was that made every attempt with Quickcreds fail! Inside the folder tree I had /tools/Responder instead of /tools/responder/, and even when changing the payload.txt to point at /tools/Responder/ the code somehow was failing. I decided then to rename /tools/Responder to /tools/responder without any modification of the payload and voila! The code completed without any errors.

Thanks to Altecheon for letting me run that test and making me think once more about it. I don't know why modifying the payload to point at Responder instead of responder wasn't working, but at least now it is working, so it's all good!! /cheers

mrpmcfc Posted April 15, 2017

I can ping the machine from the bunny but if I run your script the TestOutput is empty

Altecheon Posted April 15, 2017

> 1 minute ago, mrpmcfc said:
> I can ping the machine from the bunny but if I run your script the TestOutput is empty

If the script returns blank, make sure that the GET function is in the extension folder of the library folder. If it isn't there, then make sure to put the newest repository on the bunny. It should have the extension.

mrpmcfc Posted April 15, 2017

get is in the extensions too, can't see where this is going wrong at all tbh

mrpmcfc Posted April 15, 2017

Never mind, got it working now, thanks for the help

valentino00776 Posted April 17, 2017

How did you get it to work buddy?

mrpmcfc Posted April 17, 2017

> 14 minutes ago, valentino00776 said:
> How did you get it to work buddy?

I reflashed and manually installed impacket and responder again and all was good, bit baffling really why it wouldn't work to start with

valentino00776 Posted April 17, 2017

Sorry, can you explain how you installed manually? When I ssh into it I can see them installed, but when trying quickcreds I just end up with the machine name and an empty folder. LED flashes amber but never green. Thanks

mrpmcfc Posted April 18, 2017

> 10 hours ago, valentino00776 said:
> Sorry, can you explain how you installed manually? When I ssh into it I can see them installed, but when trying quickcreds I just end up with the machine name and an empty folder. LED flashes amber but never green. Thanks

If you can see them in tools when you ssh in then you already have them, just be sure you've run impacket's setup from the tools/impacket/ location:

```bash
python ./setup.py install
```

Also be sure you're using the latest quickcreds and that the extensions folder is in the right place, as a previous poster mentioned.

DavidDoherty Posted October 4, 2017

Hi Folks

I am having similar issues (still) with empty loot folders and internet connections, so I decided to do a bit of investigation on the back of the advice above to test the GET command.

I reset the bunny and applied the 1.3 firmware update and installed tools. All good so far. I then set up a payload to run as an ethernet cad, i.e. ATTACKMODE RNDIS_ETHERNET on switch 1. I can now connect, on my Windows 10 Home laptop, via ssh to the bunny on the usual IP address of 172.16.64.1. I cannot, though, ping anything, even though internet sharing is set up as per the wiki.

When I look at the GET command I can see that, for TARGET_IP and TARGET_HOSTNAME, it is querying the /var/lib/dhcp/dhcpd.leases file. When I look in here I don't get what I expected. The content of this file is one line:

```
server-duid "\000\001\000\001 \242\267\363Z\000\000ZZ\000";
```

Strangely enough, the content of the /etc/network/interfaces.d/usb0 file looks good:

```
allow-hotplug usb0
auto usb0
iface usb0 inet static
    address 172.16.64.1
    netmask 255.255.255.0
    gateway 172.16.64.64
    dns-nameserver 8.8.8.8
    dns-nameserver 8.8.4.4
```

So my payloads will never work without the target IP or hostname. Can anyone please point me to what I am getting wrong? For reference, I have followed the wiki internet sharing instructions religiously, and my wifi interface is sharing with my bunny interface.

Regards

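
The empty-leases symptom described in the post above can be checked directly. This is an added example, not part of the thread or of the bashbunny-payloads repository: it reuses the get.sh pipelines quoted at the top of the thread against a leases file passed as a parameter. The function names `lease_ips`, `lease_hostname` and `lease_status` and both sample files are constructed for illustration.

```bash
#!/bin/bash
# Added diagnostic sketch, not part of get.sh; function names and sample data are constructed.

# The TARGET_IP pipeline from get.sh, with the leases file as a parameter.
lease_ips() {
    grep '^lease' "$1" | awk '{ print $2 }' | sort | uniq
}

# The TARGET_HOSTNAME pipeline from get.sh (quotes and semicolon stripped).
lease_hostname() {
    grep hostname "$1" | awk '{ print $2 }' | sort | uniq | tail -n1 \
        | sed 's/"//g' | sed 's/;//'
}

# no-file: path unreadable; no-lease: the DHCP server has not handed out an
# address, so GET TARGET_IP exports an empty string; ok: at least one lease.
lease_status() {
    [ -r "$1" ] || { echo "no-file"; return 0; }
    if [ -z "$(lease_ips "$1")" ]; then echo "no-lease"; else echo "ok"; fi
}

# Constructed sample files: one with a lease, one holding only a server-duid line.
SAMPLES=$(mktemp -d)
GOOD="$SAMPLES/good.leases"
EMPTY="$SAMPLES/empty.leases"
cat > "$GOOD" <<'EOF'
lease 172.16.64.10 {
  starts 6 2017/04/15 08:00:00;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "WS-ATIHD6870";
}
EOF
printf 'server-duid "constructed-placeholder";\n' > "$EMPTY"

for f in "$GOOD" "$EMPTY" "$SAMPLES/missing.leases"; do
    echo "$(basename "$f"): status=$(lease_status "$f")" \
         "ip=$(lease_ips "$f" 2>/dev/null)" \
         "host=$(lease_hostname "$f" 2>/dev/null)"
done
```

On the device itself the same check is `lease_status /var/lib/dhcp/dhcpd.leases`; a `no-lease` result means the host never obtained an address from the bunny, so the cause is on the host's network interface side rather than in the payload.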
DavidDoherty Posted October 5, 2017

Folks

Instead of doing what I normally do - posting here and hoping someone can save me - I decided to look into this myself. 24 hours later, after lots of netstat commands and troubleshooting, I decided to start again with trying to get the bunny online.

Step1 - clear all old bunny interfaces from Windows.
Step2 - realise how much of a muppet I have been after seeing 3 bunny related interfaces.
Step3 - delete all the NDIS interfaces
Step4 - Launch payload with NDIS_ETHERNET
Step5 - follow the connection sharing steps
Step6 - success
Step7 - See Step3 re muppet reference.

What a relief. Hope that helps someone who cannot understand why their bunny cannot share a Windows internet connection

regards
David

Dave-ee Jones Posted October 6, 2017

Good to see you've solved the problem! Good luck!